Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.

Radix IoT Website Mango 3 Documentation Website Mango 4 Documentation Website

Excel Report Template Security


  • Hello all,
    First of all here are my system specs:
    Mango Core: 3.5.6
    Mango API: 3.5.2
    Mango UI: 3.5.5
    Platform: Centos 7.4.1708
    Java Version: 1.8.0_161

    One of our users have pointed out an issue with the file store for the Excel Report Templates. When one user is logged in and creates an excel report they can see everyone's templates in the folder. This is a data protection issue since the templates usually have the users name and site name in the title of the template.

    For example a user is logged in and would like to set up a new Excel report:
    0_1560340279163_fba40cc6-27fa-499a-82b3-e608f13798d1-image.png
    The reports from other users are not visible and that is great. but when they go to choose a file:

    0_1560340770231_17d6aea1-9b19-4474-9a10-a70c885dc435-image.png

    All the other user files are visible.

    I can't see anywhere in the system that allows me to put passwords on the templates to prevent this from happening.

    Is there anywhere in the background that I could add permissions to stop users from seeing other templates that do not belong to them?

    Cheers

    Brian

    p.s. I just checked the way the reports worked in mango 2.8. This is not an issue because the choose file button only gives the user the ability to browse their own local drives.


  • I don't believe this is possible at the moment but I might be wrong but it sure does seem like a feature worth having!


  • Hello,
    I was trying several permission variations and removed read permission to the entire filestore. The result was that I lost the logos and other image files that were uploaded for the dashboards but there was no change to the excel reports filestore for some reason. Each user was still able to see everyone's templates.

    Cheers

    Brian


  • Bump.

    I am eager to get a solution to this issue which has become a problem for us.

    Thank you

    Brian


  • Hello IAS,
    I just saw the forum entry for the changes made to the modules for 3.6 beta 6.
    I think some of those changes are addressing my concerns here.
    How soon can I expect the beta to become a general release?

    Cheers

    Brian


  • Hi Brian,

    I do not believe a fix for this observation is in that beta. I do believe it is our intention to make that fix. The timeline of the release is not firmly established. I will update you when a fix for the issue is in the code, and when it is released.


  • Hello Phil,
    Thank you for the update. In the mean time I will have to anonymise the spreadsheet templates.

    Cheers

    Brian